Add Authorize Attribute Filter in Swashbuckler Implementation of Swagger

Looking to add the AuthorizeFilterAttribute or AnonymousFilterAttribute to an endpoint in Swashbuckle's implementation of Swagger so I can see which attribute is used on each endpoint in the generated documentation file in a running webapi that ends in /swagger. Is this currently possible?

I specifically would like to add a big bold label that says this endpoint is [Anonymous] or that endpoint is using [Authorize] and have them look different from the summary or remark text.

Also I would like to be able to filter out all the different types of these restriction filter attributes for each endpoint including [NonAction], [Authorize], and [Anonymous] where one of these might be at the top of each controller endpoint. Maybe even eventually add other types of FilterAttributes besides these on each endpoint.

Currently it looks like only the HTTP Methods, the request and response objects can be retrieved in the current implementation so I was not able to find definitive information on this.

Since this is a Swagger implementation do these .NET specific attribute filters not translate to Swashbuckle b/c they only implement what's in the Swagger specification and nothing else?

Finally are there .NET specific extensions to Swashbuckle's implementation that do this?

Thanks!

For the part adding the label to unprotected methods/actions you could use an operation filter like this:

  using System;
  using System.Linq;
  using System.Reflection;
  using Microsoft.AspNetCore.Authorization;
  using Swashbuckle.AspNetCore.Swagger;
  using Swashbuckle.AspNetCore.SwaggerGen;

  public class UnprotectedOperationFilter : IOperationFilter
  {
    // Returns true if the action method or its declaring controller carries the attribute.
    private bool HasAttribute(MethodInfo methodInfo, Type type, bool inherit)
    {
      // inherit = true also checks inherited attributes
      var actionAttributes = methodInfo.GetCustomAttributes(inherit);
      var controllerAttributes = methodInfo.DeclaringType.GetTypeInfo().GetCustomAttributes(inherit);
      var actionAndControllerAttributes = actionAttributes.Union(controllerAttributes);

      // IsInstanceOfType also matches attributes derived from the given type
      // (for example a custom subclass of AuthorizeAttribute).
      return actionAndControllerAttributes.Any(attr => type.IsInstanceOfType(attr));
    }

    public void Apply(Operation operation, OperationFilterContext context)
    {
      bool hasAuthorizeAttribute = HasAttribute(context.MethodInfo, typeof(AuthorizeAttribute), true);
      bool hasAnonymousAttribute = HasAttribute(context.MethodInfo, typeof(AllowAnonymousAttribute), true);

      // so far as I understood the action/operation is public/unprotected
      // if there is no authorize or an allow anonymous (allow anonymous overrides all authorize)
      bool isAuthorized = hasAuthorizeAttribute && !hasAnonymousAttribute;

      if (!isAuthorized)
      {
        // <b> is the HTML bold element; <bold> is not a valid tag.
        operation.Description =
          "<p><b>BIG BOLD LABEL indicating an UNPROTECTED PUBLIC method</b></p>"
          + operation.Description;
      }
    }
  }

and add it with

services.AddSwaggerGen(c => { c.OperationFilter<UnprotectedOperationFilter>();} );

I didn't understand what you mean by filtering out different attributes but I hope the code above helps you to check if the attribute is present and do what you desire to do.
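
An added example, not part of the answer above and not Swashbuckle's own code: the same attribute check extended to the three markers the question lists ([NonAction], [Authorize], [Anonymous]) plus actions that carry none of them, so the result can be listed or asserted on in a unit test. The names `AccessKind` and `EndpointAccessAudit` are hypothetical, and the sketch assumes ASP.NET Core 2.0 or later with C# 7 tuples.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public enum AccessKind { NonAction, Anonymous, Authorize, Unmarked }

// Hypothetical helper, not part of Swashbuckle or ASP.NET Core.
public static class EndpointAccessAudit
{
    // True when the attribute (or a subclass of it) is on the action or on its controller.
    private static bool Has<T>(Type controller, MethodInfo action) where T : Attribute =>
        action.IsDefined(typeof(T), true) || controller.IsDefined(typeof(T), true);

    public static AccessKind Classify(Type controller, MethodInfo action)
    {
        if (action.IsDefined(typeof(NonActionAttribute), true))
            return AccessKind.NonAction;   // never routed, so not an endpoint
        if (Has<AllowAnonymousAttribute>(controller, action))
            return AccessKind.Anonymous;   // [AllowAnonymous] overrides any [Authorize]
        if (Has<AuthorizeAttribute>(controller, action))
            return AccessKind.Authorize;
        return AccessKind.Unmarked;        // open unless a global filter or policy applies
    }

    // Approximates MVC action discovery: public instance methods of concrete controllers.
    public static IEnumerable<(string Endpoint, AccessKind Kind)> Scan(Assembly assembly) =>
        from controller in assembly.GetTypes()
        where typeof(ControllerBase).IsAssignableFrom(controller) && !controller.IsAbstract
        from action in controller.GetMethods(BindingFlags.Public | BindingFlags.Instance)
        where !action.IsSpecialName && action.DeclaringType != typeof(object)
        let kind = Classify(controller, action)
        where kind != AccessKind.NonAction
        select ($"{controller.Name}.{action.Name}", kind);
}
```

Running `Scan` over the API assembly in a test and failing on any `Unmarked` entry forces every endpoint to declare its access level explicitly, which is the same information the operation filter surfaces in the generated documentation.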
